javascript 禁用文本区域中的一些特殊字符
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/4991259/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Disabling some special characters in text area
提问by John Doe
Hey guys, I'm thinking of ways to disable users from typing some special characters like < and >. But I would like them to use full stops and commas and question marks and exclamation marks and quotes. I've come up with this piece of code but it doesn't seem to allow any special character.:
嘿伙计们,我正在考虑禁止用户输入诸如 < 和 > 之类的特殊字符的方法。但我希望他们使用句号、逗号、问号、感叹号和引号。我想出了这段代码,但它似乎不允许任何特殊字符。:
<script type="text/JavaScript">
function valid(f) {
!(/^[A-z??0-9]*$/i).test(f.value)?f.value = f.value.replace(/[^A-z??0-9]/ig,''):null;
}
</script>
回答by Martin Jespersen
There are several ways of doing this, none of them are a good way to go tho, but we'll get to that.
有几种方法可以做到这一点,没有一种是好的方法,但我们会做到这一点。
you can bind to
onkeyup/onkeydown/onkeypressevents on the element and cancel events for characters you have blacklisted. This will not stop people from pasting the characters into the field however.You can bind to the
onchangeevent of the element and them remove the blacklisted characters from it, once the user is done inputting.
您可以绑定到
onkeyup/onkeydown/onkeypress元素上的事件并取消已列入黑名单的角色的事件。但是,这不会阻止人们将字符粘贴到字段中。您可以绑定到
onchange元素的事件,一旦用户完成输入,它们就会从中删除列入黑名单的字符。
The problem with any type of sanitizing like this in javascript is that it is trivial for a user with a tiny bit of knowhow, to circumvent these measures and still upload the offending characters to the server anyway.
javascript 中任何类型的清理的问题在于,对于具有一点点专业知识的用户来说,绕过这些措施并仍然将违规字符上传到服务器是微不足道的。
So if you don't want to allow special characters in the user generated input you should either
因此,如果您不想在用户生成的输入中允许特殊字符,您应该
- remove them serverside after the userinput has been submitted
- keep them but encode them into html entities
>and<for>and<for instance before outputting them anywhere on your webpage.
- 提交用户输入后在服务器端删除它们
- 让他们但编码成HTML实体
>,并<为>与<任何地方输出他们对你的网页之前实例。
回答by Yoko Zunna
Try with this...
试试这个...
var iChars = "!@#$%^&*()+=-[]\\';,./{}|\":<>?";
for (var i = 0; i < document.formname.fieldname.value.length; i++) {
if (iChars.indexOf(document.formname.fieldname.value.charAt(i)) != -1) {
alert ("Your username has special characters. \nThese are not allowed.\n Please remove them and try again.");
return false;
}
}
回答by Stefan
why not simply check the character pressed on "onKeyDown" event?
为什么不简单地检查在“onKeyDown”事件上按下的字符?
<textarea id="foo"></textarea>
<script>
document.getElementById('foo').onkeydown = validate;
function validate(){
var evtobj = window.event? event : e; // IE event or normal event
var unicode = evtobj.charCode? evtobj.charCode : evtobj.keyCode;
var actualkey = String.fromCharCode(unicode);
]
return (/^[A-z??0-9]*$/i).test(actualKey);
</script>
This simply gets the key which was pressed, and if it is a valid one returns true, otherwise false, this, in term, determines if the key is actually written in the textarea or not
这只是获取按下的键,如果它是有效的,则返回 true,否则返回 false,这在术语中确定该键是否实际写入 textarea 中
